path: root/modules/pam_access/pam_access.8.xml
diff options
authorTomas Mraz <>2017-05-31 10:27:28 +0200
committerTomas Mraz <>2017-05-31 10:27:28 +0200
commit7d0c508a52ebc9c702e1b6e66f46e4a6dc028c4a (patch)
tree8baa315fe88b9602c43e2369c3c011ef10bc18c2 /modules/pam_access/pam_access.8.xml
parent5a6a2d169c06cd7e1959c34261d637c3f1c1f573 (diff)
pam_access: support parsing files in /etc/security/access.d/*.conf
* modules/pam_access/pam_access.c (login_access): Return NOMATCH if there was no match in the parsed file. (pam_sm_authenticate): Add glob() call to go through the ACCESS_CONF_GLOB subdirectory and call login_access() on the individual files matched. * modules/pam_access/pam_access.8.xml: Document the addition. * modules/pam_access/ Add ACCESS_CONF_GLOB definition.
Diffstat (limited to 'modules/pam_access/pam_access.8.xml')
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml
index c629a9f3..9a6556cc 100644
--- a/modules/pam_access/pam_access.8.xml
+++ b/modules/pam_access/pam_access.8.xml
@@ -57,6 +57,14 @@
By default rules for access management are taken from config file
<filename>/etc/security/access.conf</filename> if you don't specify
another file.
+ Then individual <filename>*.conf</filename> files from the
+ <filename>/etc/security/access.d/</filename> directory are read.
+ The files are parsed one after another in the order of the system locale.
+ The effect of the individual files is the same as if all the files were
+ concatenated together in the order of parsing. This means that once
+ a pattern is matched in some file no further files are parsed.
+ If a config file is explicitly specified with the <option>accessfile</option>
+ option the files in the above directory are not parsed.
If Linux PAM is compiled with audit support the module will report